FortiAuthenticator
FortiAuthenticator provides access management and single sign on.
matanaskovic
Staff
Staff
Article Id 240234

Description

 

This article describes how to disable bypassing the FortiAuthenticator Agent login on a Windows machine.

 

Scope

 

FortiAuthenticator 6.4.6, FortiAuthenticator Agent 4.2.

 

Solution

 

Since it is possible to log in to a Windows machine without OTP and bypass the FortiAuthenticator Agent, it is recommended to disable 'Permit Built-in Password Providers' under the FortiAuthenticator Agent settings.

 

Navigate to Credential Provider Options -> Permit Built-in Password Providers.

Disable the setting and select Apply.

 

matanaskovic_1-1671462255621.png

 

Lock the Windows machine and log in again, this time using the FortiAuthenticator Agent login window.

 

matanaskovic_1-1671466355980.png

 

Related documents:

https://docs.fortinet.com/document/fortiauthenticator/6.4.0/fortiauthenticator-agent-for-microsoft-w...

https://docs.fortinet.com/document/fortiauthenticator/6.4.0/fortiauthenticator-agent-for-microsoft-w...

https://docs.fortinet.com/document/fortiauthenticator/6.4.0/fortiauthenticator-agent-for-microsoft-w...